CVE-2023-52076 — HIGH (8.5)

Q: How severe is CVE-2023-52076?

CVE-2023-52076 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-52076?

Check the references section above for vendor advisories and patch information. Affected products include: Mate-Desktop Atril.

Vulnerability Description

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.

CVSS Score

8.5

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Mate-Desktop	Atril	< 1.26.2

Related Weaknesses (CWE)

CWE-22 CWE-24 CWE-27 CWE-25

References

FAQ

What is CVE-2023-52076?

CVE-2023-52076 is a vulnerability with a CVSS score of 8.5 (HIGH). Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. Thi...

How severe is CVE-2023-52076?

CVE-2023-52076 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-52076?

Check the references section above for vendor advisories and patch information. Affected products include: Mate-Desktop Atril.